Cyber security investigators recently found what appears to be a configuration file exposed on a domain hosted by the Sky media group, which appears to list access credentials for production-level databases in plain text.
The file was discovered by Cyber News researchers during a threat intelligence gathering operation, and seems to be the core configuration file of the application on the uplift media subdomain of Sky.com.
Besides the plain text access credentials to databases, the file also contains addresses of development endpoints.
Last week, the researchers informed Sky of the issue, after which the configuration file was no longer available.
The question is: where is Sky's database?
According to the researchers, the file was first indexed by an Internet of Things (IoT) search engine last month. Fortunately, that search engine imposes a 30-day grace period during which the file was accessible only to white-hat researchers.
As the file was neither removed nor warned about, it became visible to everyone last week, after the grace period ended.
“There is no other way to express what data is being stored on the production server. With that said, open configuration documents can serve as faster infiltration shortcuts for ransomware groups that could take a firm’s servers and data hostage,” stated the researchers, who found the credentials but have not yet found the actual database itself.
They further add that threat actors are always on the lookout for such misconfigurations and exploit the mistakes and oversights of firms of Sky’s size and significance, and contend that anyone who knew where to look could have retrieved the data using the authentication credentials listed in the configuration file.